Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/xxdtDnxm5SbYUyLSSe_1JSDp0Io.roa
File:                     xxdtDnxm5SbYUyLSSe_1JSDp0Io.roa (raw, json)
Hash identifier:          sYw0iGaZJut/XsjtZvg3UVMsWaJI6tDLlxF0xRlbajc=
Subject key identifier:   C7:17:6D:0E:7C:66:E5:26:D8:53:22:D2:49:EF:F5:25:20:E9:D0:8A
Certificate issuer:       /CN=3a0429b5aecac8364544bf623f94f163afdce561
Certificate serial:       018DD05995510D3A304791FF565794310384
Authority key identifier: 3A:04:29:B5:AE:CA:C8:36:45:44:BF:62:3F:94:F1:63:AF:DC:E5:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/xxdtDnxm5SbYUyLSSe_1JSDp0Io.roa
Signing time:             Thu 22 Feb 2024 10:25:48 +0000
ROA not before:           Thu 22 Feb 2024 10:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197938
IP address blocks:        2a04:e540::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/OgQpta7KyDZFRL9iP5TxY6_c5WE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/OgQpta7KyDZFRL9iP5TxY6_c5WE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:59:95:51:0d:3a:30:47:91:ff:56:57:94:31:03:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0429b5aecac8364544bf623f94f163afdce561
        Validity
            Not Before: Feb 22 10:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7176d0e7c66e526d85322d249eff52520e9d08a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b4:e8:8f:a6:62:1a:f5:1a:99:e7:8a:92:09:
                    19:de:5a:58:a8:c3:3f:70:37:b8:8e:c8:2b:64:3c:
                    56:18:af:74:50:d0:03:a0:65:f2:3c:26:97:b5:84:
                    76:c2:55:c1:13:e8:ca:38:d5:ff:bc:34:e5:ce:77:
                    41:8a:36:e3:74:3d:bf:08:58:53:29:47:65:ef:c9:
                    3e:c6:d7:4c:be:de:31:91:b3:2e:c7:20:5f:03:db:
                    12:ec:61:c9:00:d8:bd:bc:c9:dd:92:74:aa:ef:5f:
                    0f:66:01:53:70:8c:75:c4:df:cb:c8:d6:9b:55:ee:
                    70:0f:eb:cb:9e:24:e9:f8:89:7b:0f:3c:32:be:0d:
                    26:2c:78:d3:20:e0:ba:b2:72:2f:7a:1a:19:ff:c1:
                    97:6a:d5:4e:e2:99:1f:bb:e3:12:ae:8f:02:f4:4f:
                    e7:30:d5:fb:87:59:71:73:e3:00:a1:56:e0:00:26:
                    d8:35:b0:ed:65:d2:9c:99:92:2b:c0:17:d9:f5:27:
                    03:7b:03:61:4c:83:d0:f3:42:b8:5b:25:43:ef:fb:
                    c2:4b:b1:94:36:57:d4:8d:44:4d:59:16:ac:e8:d5:
                    1e:1c:19:db:22:3c:b6:91:e0:cf:16:39:c7:61:2f:
                    98:4e:57:87:53:bb:3e:b9:df:f9:f2:47:18:fe:42:
                    41:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:17:6D:0E:7C:66:E5:26:D8:53:22:D2:49:EF:F5:25:20:E9:D0:8A
            X509v3 Authority Key Identifier:
                keyid:3A:04:29:B5:AE:CA:C8:36:45:44:BF:62:3F:94:F1:63:AF:DC:E5:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/xxdtDnxm5SbYUyLSSe_1JSDp0Io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/OgQpta7KyDZFRL9iP5TxY6_c5WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:e540::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:8c:a1:57:72:76:74:4a:dd:e5:0c:37:35:42:92:ee:40:fd:
         06:ea:a2:33:e5:ab:0c:cc:34:34:ce:2d:06:29:92:22:27:98:
         07:ba:53:76:ec:5f:52:e3:bb:3c:a9:a7:49:1f:dd:ee:4e:fa:
         62:ba:27:47:40:bd:cc:88:f1:2d:93:4e:be:c3:b2:3d:02:1d:
         a6:02:05:bb:ad:79:03:38:db:1b:c0:82:0b:69:ff:e3:3f:fc:
         fd:d3:b8:91:78:c1:55:d3:77:72:2b:e0:11:27:d0:a2:47:71:
         30:a5:75:21:1a:fd:97:9f:8e:8a:25:ab:9b:2f:0d:6d:9a:4e:
         0e:b7:14:a0:89:27:5a:a4:7f:d5:2d:8b:e5:d9:dc:21:53:58:
         19:e9:e8:02:59:cd:2f:68:3c:ec:74:f5:7f:6a:4f:be:8c:59:
         d4:49:a5:40:c5:ca:55:5e:29:3b:c4:d2:8d:d7:b0:eb:c3:e9:
         bd:91:8c:45:49:37:9e:30:20:ae:f9:fa:b2:cc:1c:5d:10:9a:
         df:d1:1d:7c:c9:21:74:ca:5f:e9:68:5c:8d:01:99:f9:6d:bc:
         d4:cf:b8:9d:bc:c3:28:66:9d:56:41:b2:f1:2e:65:63:13:b1:
         c0:07:42:0b:a2:3b:48:b5:5a:e3:f7:74:74:2d:51:73:7b:71:
         a0:06:c7:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3QWZVRDTowR5H/VleUMQOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDQyOWI1YWVjYWM4MzY0NTQ0YmY2MjNmOTRmMTYzYWZk
Y2U1NjEwHhcNMjQwMjIyMTAyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzE3NmQwZTdjNjZlNTI2ZDg1MzIyZDI0OWVmZjUyNTIwZTlkMDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbToj6ZiGvUameeKkgkZ3lpYqMM/
cDe4jsgrZDxWGK90UNADoGXyPCaXtYR2wlXBE+jKONX/vDTlzndBijbjdD2/CFhT
KUdl78k+xtdMvt4xkbMuxyBfA9sS7GHJANi9vMndknSq718PZgFTcIx1xN/LyNab
Ve5wD+vLniTp+Il7Dzwyvg0mLHjTIOC6snIvehoZ/8GXatVO4pkfu+MSro8C9E/n
MNX7h1lxc+MAoVbgACbYNbDtZdKcmZIrwBfZ9ScDewNhTIPQ80K4WyVD7/vCS7GU
NlfUjURNWRas6NUeHBnbIjy2keDPFjnHYS+YTleHU7s+ud/58kcY/kJB6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMcXbQ58ZuUm2FMi0knv9SUg6dCKMB8GA1UdIwQY
MBaAFDoEKbWuysg2RUS/Yj+U8WOv3OVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dRcHRhN0t5RFpGUkw5aVA1VHhZNl9jNVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9mYjkyMTUtZDFkMS00N2MyLWFjODEt
ODQ3MTJjOWYzNDY0LzEveHhkdERueG01U2JZVXlMU1NlXzFKU0RwMElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9mYjkyMTUtZDFkMS00N2MyLWFjODEtODQ3MTJjOWYzNDY0
LzEvT2dRcHRhN0t5RFpGUkw5aVA1VHhZNl9jNVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgTlQDAN
BgkqhkiG9w0BAQsFAAOCAQEAwIyhV3J2dErd5Qw3NUKS7kD9BuqiM+WrDMw0NM4t
BimSIieYB7pTduxfUuO7PKmnSR/d7k76YronR0C9zIjxLZNOvsOyPQIdpgIFu615
AzjbG8CCC2n/4z/8/dO4kXjBVdN3civgESfQokdxMKV1IRr9l5+OiiWrmy8NbZpO
DrcUoIknWqR/1S2L5dncIVNYGenoAlnNL2g87HT1f2pPvoxZ1EmlQMXKVV4pO8TS
jdew68PpvZGMRUk3njAgrvn6sswcXRCa39EdfMkhdMpf6WhcjQGZ+W281M+4nbzD
KGadVkGy8S5lYxOxwAdCC6I7SLVa4/d0dC1Rc3txoAbH8w==
-----END CERTIFICATE-----